5 matches found

Vulnrichment
added 2026/04/17 9:16 p.m., 8 views

CVE-2026-40353 wger: Stored XSS via Unescaped License Attribution Fields

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as license_author without escaping, and templates render the result using Django's...

CVSS 5.1, AI score 5.7, EPSS 0.00207
Exploits 1, References 2

Cvelist
added 2026/04/17 9:16 p.m., 20 views

CVE-2026-40353 wger: Stored XSS via Unescaped License Attribution Fields

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled license fields such as license_author without escaping, and templates render the result using Django's...

CVSS 5.1, EPSS 0.00207
Exploits 1, References 2

CVE
added 2026/04/17 9:16 p.m., 22 views

CVE-2026-40353

CVE-2026-40353 affects wger (versions 2.5 and earlier) where AbstractLicenseModel.attribution_link builds HTML by directly interpolating user-controlled fields (e.g., license_author) without escaping, and templates render it with Django’s safe filter. This allows an authenticated user to store an...

CVSS 5.4, AI score 5.7, EPSS 0.00207
Exploits 1, References 2, Affected Software 1

OSV
added 2026/04/16 1:37 a.m., 4 views

GHSA-6F54-QJVM-WWQ3 wger has Stored XSS via Unescaped License Attribution Fields

Stored XSS via Unescaped License Attribution Fields. Summary: The AbstractLicenseModel.attribution_link property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields license_author, license_title, license_object_url, license_author_url, license_derivative_source_ur...

CVSS 5.4, AI score 6, EPSS 0.00207
Exploits 1, References 4

Positive Technologies
added 2026/04/16 12:00 a.m., 6 views

PT-2026-33300

Stored XSS via Unescaped License Attribution Fields. Summary: The AbstractLicenseModel.attribution_link property in wger/utils/models.py constructs HTML strings by directly interpolating user-controlled fields license_author, license_title, license_object_url, license_author_url, license_derivative...

CVSS 5.1, AI score 6, EPSS 0.00207
Exploits 1, References 7